CVE-2025-47152
Published 2025-08-05
Priority P433 · medium · 6.5 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 0.49% (38.3th percentile)
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pdf-xchange | pdf-xchange_editor | — | — |
| pdf-xchange_co_ltd | pdf-xchange_editor | — | — |
No detection rules found.
No public exploits indexed.
Talos
[HIGH] Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities
blogs_talos·2025-08-27·CVSS 8.1
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in Foxit PDF Reader.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
## Libbiosig vulnerabilities
Discovered by Mark Bereza and Lilith >_> of Cisco Talos.
BioSig is an open source software library for biomedical signal processing. The aim of the BioSig project is to fo
Wiz
[MEDIUM] CVE-2025-64085 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
## CVE-2025-64085: PDF-XChange Editor vulnerability analysis and mitigation
A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Source: NVD
| Field | Value |
|---|---|
| Score | 7.5 |
| Published | December 9, 2025 |
| Severity | HIGH |
| CNA Score | 6.5 |
| Affected Technologies | PDF-XChange Editor |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 18.5 |
| Exploitation Probability (EPSS) | 0.1 |
Affected packages and libraries
cpe:2.3:a:pdf-xchange:pdf-xchange_editor
Sources
Windows · Severity HIGH · No Fix · Added at: Dec 11, 2025
Windows · Severity HIGH · No Fix · Added at: Dec 12, 2025
Wiz
[MEDIUM] CVE-2025-64086 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
## CVE-2025-64086: PDF-XChange Editor vulnerability analysis and mitigation
A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Source: NVD
| Field | Value |
|---|---|
| Score | 7.5 |
| Published | December 9, 2025 |
| Severity | HIGH |
| CNA Score | 6.5 |
| Affected Technologies | PDF-XChange Editor |
| Has Public Exploit | Yes |
| Has CISA KEV Exploit | No |
| CISA KEV Release Date | N/A |
| CISA KEV Due Date | N/A |
| Exploitation Probability Percentile (EPSS) | 18.5 |
| Exploitation Probability (EPSS) | 0.1 |
Affected packages and libraries
cpe:2.3:a:pdf-xchange:pdf-xchange_editor
Sources
Windows · Severity HIGH · No Fix · Added at: Dec 11, 2025
Wiz
[MEDIUM] CVE-2026-2040 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
## CVE-2026-2040: PDF-XChange Editor vulnerability analysis and mitigation
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the TrackerUpdate process. The product loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of a target user. Was ZDI-CAN-27788.
Source: NVD
| Field | Value |
|---|---|
| Score | 7.3 |
| Published | February 20, 2026 |
| Severity | HIGH |
| CNA Score | 7.3 |
Affected Technologies